two real stories of hadoop data recently being hacked

Upload: steven-meister

Post on 13-Apr-2017

Imagine going to your data lake and instead of finding your data you find only one message, “NODATA4U Secure YourShit”. I and others experienced this just a week ago, and we are the ones willing to admit it; we expect many others do not want their breach known, for many obvious reasons. In the digital economy, data aligned to the processes that achieve value propositions is the lifeblood of the economy. As we embrace the big data environment, it is important for all who have already embarked, or are about to embark, on this journey to understand that security of the big data environment is a critical consideration too often left out of the equation in big data implementations. I’ll share some stories to serve as a warning and then provide means to ensure that this does not become your story to tell.

Imagine going to your data lake and instead of finding your data you find only one message, “NODATA4U Secure YourShit”. This is unfortunately not as uncommon as you would expect, for anyone with access to a web gateway to your data lake also has access to your data unless you have taken specific precautions to block web access. Unfortunately, security is not one of the strong points of Hadoop, and that goes double for the HDFS environment, the backbone of your data lake. And if someone can so easily replace your data with a single message, they could also run algorithms to figure out what the columns of data within your data lake are and overwrite the contents or, even worse, make copies of the contents with little trace that they have been there.
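One way to check a cluster for the open web access described above, as an added example that is not part of the original article: the script reads Hadoop `*-site.xml` files and reports settings that leave HDFS unauthenticated or unencrypted, treating an unset property as its Hadoop default. The property names are standard Hadoop settings; the sample configuration and host name are constructed.

```python
import xml.etree.ElementTree as ET

# (property, Hadoop default, test for a safe lowercased value, risk when unsafe)
CHECKS = [
    ("hadoop.security.authentication", "simple", lambda v: v == "kerberos",
     "caller identity is taken on trust, not proven"),
    ("hadoop.security.authorization", "false", lambda v: v == "true",
     "service-level authorization is off"),
    ("hadoop.http.authentication.type", "simple", lambda v: v != "simple",
     "web endpoints accept an unproven user name"),
    ("dfs.http.policy", "HTTP_ONLY", lambda v: v == "https_only",
     "HDFS web traffic is served over plain HTTP"),
    ("dfs.encrypt.data.transfer", "false", lambda v: v == "true",
     "block data crosses the network unencrypted"),
    ("dfs.permissions.enabled", "true", lambda v: v == "true",
     "HDFS permission checks are disabled"),
]

def parse_site_xml(text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml."""
    props = {}
    for prop in ET.fromstring(text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(*site_xml_texts):
    """Merge the given config files and return [(property, value, risk)]."""
    merged = {}
    for text in site_xml_texts:
        merged.update(parse_site_xml(text))
    findings = []
    for name, default, is_safe, risk in CHECKS:
        value = merged.get(name, default)   # unset means the default applies
        if not is_safe(value.lower()):
            findings.append((name, value, risk))
    return findings

# Constructed sample: a cluster left close to its defaults.
SAMPLE_CORE = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://namenode.example:8020</value></property>
</configuration>"""
SAMPLE_HDFS = """<configuration>
  <property><name>dfs.permissions.enabled</name><value>false</value></property>
  <property><name>dfs.http.policy</name><value>HTTPS_ONLY</value></property>
</configuration>"""

if __name__ == "__main__":
    for name, value, risk in audit(SAMPLE_CORE, SAMPLE_HDFS):
        print(f"[!] {name}={value}: {risk}")
```

A clean result only means these settings are in place; network exposure of the NameNode and gateway ports still has to be checked at the firewall.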

It is the reality of the digital economy that the likes of Yahoo, Sony, Target, the White House, the NSA, the watchdogs of governmental security and many others have been victims of hacking. Sometimes it is by someone who is just out to prove that they can, but often it is by someone with the intent of stealing personally identifiable information (PII). This PII can be credit cards, phone numbers, social security numbers, Medicare numbers, bank account numbers, brokerage account numbers or a host of other information that can be used maliciously.

The reality is even seen in our recent politics, elections, candidates, government facilities, major corporations, email services, clouds and more. It’s not a question of if you will ever be hacked; it’s a matter of when, what information you are making available to these hackers, and what damages will be sustained in the short and long term.

Suffice it to say that the modern conveniences of the digital economy bring with them some baggage, and much of that baggage is focused on securing the data sufficiently so that those who share their personal information with you do so with an understanding that you will perform the necessary due diligence to protect this information. Fail on this point and they will no longer trust you with the information necessary to perform commerce in the digital economy. It is that important. There may be fines which can justify the investments to be made, but the exposure to customers, suppliers, partners, financiers and agents is far larger than the financial outlay of fines imposed by regulators for data breaches.

You may ask what actions you should be taking. They include adopting an authentication system such as Kerberos, enlisting the services of secure sockets and firewalls, and encrypting data that should be encrypted before committing it to your data lake. You should also include in your plans regularly scheduled and surprise audits of the security framework, which should encompass the big data environment and everything that subscribes to big data or sources big data. In this digital economy, the toasters you provide to customers may have enough intelligence to open a gateway to your security.

You must also understand that there are no 100% guarantees that your environment will be secure. It is through surprise security audits and sanctioned hacking attempts that you solidify your security armor in such a way that you can prove to your customers, suppliers, partners, financiers and agents that you have performed the necessary due diligence to protect the information they have entrusted to you.

In the big data environment, there is one more component which is required: a catalog that gives your security professionals a map to determine where their exposure is, what data made it to the big data environment unintentionally and poses a security risk, and what information requires revisiting for encryption and other services.

About the Authors:

Steven Meister is the president of BigDataRevealed, the vendor of the intelligent big data catalog. Steve can be reached at [email protected].

Mark Albala is the president of InfoSight Partners, the vendor of the Information Valuation Engine and a speaker on information in the digital economy. Mark can be reached at [email protected].